473,231 Members | 1,838 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,231 software developers and data experts.

smart way to replace characters

Hi Gurus

I am a novice - just so you know.

is there a smarter way to write:

$keywords = str_replace("'", "",$keywords);
$keywords = str_replace('"', '',$keywords);
$keywords = str_replace('`', '',$keywords);
$keywords = str_replace('(', '',$keywords);
$keywords = str_replace(')', '',$keywords);
$keywords = str_replace('.', '',$keywords);

I basically only want A-Z, a-z and 0-9 in my keyword string as it has to go
in SQL i.e.

'Select * from a where a.description LIKE '%$keywords%'

TIA

- Nicolaas

TIA

- Nicolaas
Jul 17 '05 #1
7 8657
DH
WindAndWaves wrote:
I basically only want A-Z, a-z and 0-9 in my keyword string as it has to go
in SQL i.e.


Try this:

$out = eregi_replace("[^[:alnum:]]", "", $in);
Jul 17 '05 #2
WindAndWaves <ac****@ngaru.com> wrote:
is there a smarter way to write:

$keywords = str_replace("'", "",$keywords); [4 lines] $keywords = str_replace('.', '',$keywords);
Of you want to replace all chars to one char:
$arrOfChars=array("'", .... ,".");
$keywords=str_replace($arrOfChars,'',$keywords);

Also possible: str_replace($arrFrom, $arrTo, $line);
I basically only want A-Z, a-z and 0-9 in my keyword string as it has to go
in SQL i.e.

'Select * from a where a.description LIKE '%$keywords%'


Properly escaping $keywords should always be done, what that exactly is
depends on the actual database.

Jul 17 '05 #3

"Daniel Tryba" <sp**@tryba.invalid> wrote in message
news:41**********************@news6.xs4all.nl...
Properly escaping $keywords should always be done, what that exactly is
depends on the actual database.


Can you explain to me what that means... sorry - but I am a complete novice.

Thank you.
Jul 17 '05 #4
WindAndWaves wrote:
"Daniel Tryba" <sp**@tryba.invalid> wrote in message
news:41**********************@news6.xs4all.nl...

Properly escaping $keywords should always be done, what that exactly is
depends on the actual database.

Can you explain to me what that means... sorry - but I am a complete novice.

Thank you.


I believe what Daniel is saying is, if you want to replace a whole list
of characters with a single character (or no character), you can create
an array (which is a kind of list) of the bad characters you want to
replace:

$bad_chars = array("'", "\"", "`", "(", ")", ".");

and then using the str_replace function replace them all at once:

$keywords = str_replace($bad_chars, '', $keywords);

NM

--
convert uppercase WORDS to single keystrokes to reply
Jul 17 '05 #5
WindAndWaves <ac****@ngaru.com> wrote:
Properly escaping $keywords should always be done, what that exactly is
depends on the actual database.


Can you explain to me what that means... sorry - but I am a complete novice.


For eg mysql the character that have to be escape (according to
http://nl3.php.net/manual/en/functio...ape-string.php) are:
NULL, \x00, \n, \r, \, ', " and \x1a.
Escaping in mysql is done by prepending a \: 'It\'s'

Other database engines are know to sometimes use ' to escape a literal '.
(so ' in a string should be transformed to 'It''s')

But the point I actually was trying to say: although you might want
constraints on the input to the database (eg only A-z and 0-9 (for which
the already mentioned regular expression is a prefect solution)) you
should _always be very sure_ that the string is escaped before
inserting.

For example:
mysql_query("insert into foo values ('".mysql_escape_string($keywords)."')");

Jul 17 '05 #6

"Daniel Tryba" <sp**@tryba.invalid> wrote in message
news:41**********************@news6.xs4all.nl...
WindAndWaves <ac****@ngaru.com> wrote:
Properly escaping $keywords should always be done, what that exactly is
depends on the actual database.

Can you explain to me what that means... sorry - but I am a complete novice.


For eg mysql the character that have to be escape (according to
http://nl3.php.net/manual/en/functio...ape-string.php) are:
NULL, \x00, \n, \r, \, ', " and \x1a.
Escaping in mysql is done by prepending a \: 'It\'s'

Other database engines are know to sometimes use ' to escape a literal '.
(so ' in a string should be transformed to 'It''s')

But the point I actually was trying to say: although you might want
constraints on the input to the database (eg only A-z and 0-9 (for which
the already mentioned regular expression is a prefect solution)) you
should _always be very sure_ that the string is escaped before
inserting.

For example:
mysql_query("insert into foo values

('".mysql_escape_string($keywords)."')");


I agree, but I see that NULL is still to be ascaped if I only do A-z 0-9.
Do you think it still matters even if it is like, for example,

.... where `des`= 'test NULL'

or something along those lines.

Thanks

- Nicolaas
Jul 17 '05 #7
"WindAndWaves" <ac****@ngaru.com> wrote in message
news:CO*******************@news.xtra.co.nz...
Hi Gurus

I am a novice - just so you know.

is there a smarter way to write:

$keywords = str_replace("'", "",$keywords);
$keywords = str_replace('"', '',$keywords);
$keywords = str_replace('`', '',$keywords);
$keywords = str_replace('(', '',$keywords);
$keywords = str_replace(')', '',$keywords);
$keywords = str_replace('.', '',$keywords);

I basically only want A-Z, a-z and 0-9 in my keyword string as it has to go in SQL i.e.

'Select * from a where a.description LIKE '%$keywords%'


Regexp is the obvious choice here as other have suggested. If that seems too
opaque, use strtr(), which does multiple find and replace on a string

$replacement_table = array(
'"' => '',
')' => '',
'(' => ''
);
$keywords = strtr($keywords, $replacement_table);

Jul 17 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

9
by: Martin Goldman | last post by:
Hello all, I've been struggling for a few days with the question of how to convert "smart" (curly) quotes into straight quotes. I tried playing with the htmlentities() function, but all that is...
11
by: Ron | last post by:
Hello, I'm having an aggravating time getting the "html" spewed by Word 2003 to display correctly in a webpage. The situation here is that the people creating the documents only know Word, and...
3
by: n2xssvv g02gfr12930 | last post by:
Does anybody know of a smart pointer that supports 'operator->*'. As yet I've always had to use this type of expression ((*sp).*pFnc)() where sp .... Smart pointer to Obj pFnc .. Member...
1
by: HM | last post by:
Hi, I have an existing web application in ASP/VB which uses OCX controls. I want to replace them with a Smart client solution, but I do not want to change the whole application at the first go....
37
by: Ian Rastall | last post by:
I've been working on an online books site for almost four years now, and have been putting smart quotes in each book. This is a major hassle, and I'm beginning to think it's not worth it. Is...
3
by: Sean S - Perth, WA | last post by:
Hi all, I'm wondering if there is a way to find (to strip or process) smart quotes in text submitted via a form? These don't work: strOutput = Replace(strOutput, "“", "“") ' left...
1
by: coolami4u | last post by:
I need a program that simulates the search-and-replace operation in a text editor. The program is to have only three function calls in main. The first function prompts the user to type a string of...
2
by: Adrian Smith | last post by:
Can anyone tell me how to get rid of smart quotes in html using Python? I've tried variations on stuff = string.replace(stuff, "\", "\""), but to no avail, presumably because they're not standard...
0
by: VivesProcSPL | last post by:
Obviously, one of the original purposes of SQL is to make data query processing easy. The language uses many English-like terms and syntax in an effort to make it easy to learn, particularly for...
3
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 3 Jan 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). For other local times, please check World Time Buddy In...
0
by: fareedcanada | last post by:
Hello I am trying to split number on their count. suppose i have 121314151617 (12cnt) then number should be split like 12,13,14,15,16,17 and if 11314151617 (11cnt) then should be split like...
0
by: stefan129 | last post by:
Hey forum members, I'm exploring options for SSL certificates for multiple domains. Has anyone had experience with multi-domain SSL certificates? Any recommendations on reliable providers or specific...
0
Git
by: egorbl4 | last post by:
Скачал я git, хотел начать настройку, а там вылезло вот это Что это? Что мне с этим делать? ...
1
by: davi5007 | last post by:
Hi, Basically, I am trying to automate a field named TraceabilityNo into a web page from an access form. I've got the serial held in the variable strSearchString. How can I get this into the...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, youll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: Aftab Ahmad | last post by:
Hello Experts! I have written a code in MS Access for a cmd called "WhatsApp Message" to open WhatsApp using that very code but the problem is that it gives a popup message everytime I clicked on...
0
by: Aftab Ahmad | last post by:
So, I have written a code for a cmd called "Send WhatsApp Message" to open and send WhatsApp messaage. The code is given below. Dim IE As Object Set IE =...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.